Many credit cards already use the 3-D Secure standard. The classic 3-D Secure method requires card holders to complete authentication in a separate window before completing the online payment. This additional authentication procedure better prevents misuse of cards and shifts liability for chargebacks to the issuer at the same time. The decision to use 3-D Secure 1.0.2 (3-DS) is ultimately up to the merchant and their bank (acquirer).
Even if many credit institutions have now switched to a dynamic process (e.g. out-of-band authentication), the current version of the 3-DS security standard is no longer up to speed. The method is not very user friendly and frequently results in users aborting their purchase in the checkout process. In short, 3-DS has only enjoyed limited acceptance by merchants and consumers.
EMVCo – an association of the major credit card companies – recognised the challenges a long time ago, redesigned the existing security method and has adopted a new, uniform standard with 3-D Secure 2.0 (3-DS 2.0). The goal is to offer a positive, smooth e-commerce shopping experience while still guaranteeing maximum security.
According to EMVCo specifications, 3-DS 2.0 offers the following advantages over 3-DS:
- Full integration of customer authentication in the sales process, both in web shops and in an app.
- The risk-based authentication allows for a smooth processing of transactions. Thanks to ‘frictionless flow’, low-risk transactions are identified based on data sent in the background. True customer authentication is no longer required in these cases. The checkout can therefore be processed without being interrupted by the 3-DS process.
- This does away with the initial registration of card holders during checkout.
- Support for secure and user-friendly technologies and standards for user authentication, such as biometrics, dynamic passwords, out-of-band and token-based authentication.
- 3-DS 2.0 is used to implement the Regulatory Technical Standard (RTS) requirements put forth by the new European Payment Service Directive (PSD2).
At present, issuers, acquirers, payment service providers (PSP) and other key market players are working on the technical implementation of 3-DS 2.0.
According to the credit card schemes, the new standard will become binding in the first set of countries in April 2019. From then on, support for 3-DS 2.0 is mandatory for acquirers and issuers as well as merchants. According to EMVCo, however, 3-DS 2.0 will be operated in parallel to the legacy version.
Datatrans recommends that its customers consult with their acquirers to discuss the 3-DS 2.0 requirements as well as the timeline for technical implementation. Datatrans will provide the necessary technical solutions in due course.
More information about 3-DS 2.0 is available at https://www.emvco.com.
Datatrans will keep you updated about developments relevant to PSD2 and 3-DS 2.0. Do you have questions about these topics? Feel free to contact us by sending an e-mail to [email protected].